Paul Vixie: Re: [dns-operations] DNS issue accidentally leaked?

bmanning at vacation.karoshi.com bmanning at vacation.karoshi.com
Sat Jul 26 17:15:50 CDT 2008


On Sat, Jul 26, 2008 at 05:47:54PM -0400, Sean Donelan wrote:
> On Sat, 26 Jul 2008, bmanning at vacation.karoshi.com wrote:
> >	there you go.  the massive effort to patch would likley have
> >	better been spent to actually -sign- the stupid zones and
> >	work out key distribution.  but no... running around like
> >	the proverbial headless chicken seems to get the PR.
> 
> Maybe someone could publish a blacklist of vulnerable recursive
> name servers, and then F-Root, the other root name servers,
> and other "popular" sites could start refusing to answer queries
> from vunerable name servers until after the blacklist operator decides 
> they've patched their recursive server sufficiently?
> 
> Maybe that would get their attention and encourage them to apply
> resources to the problem?
> 
> Extreme situations justify extreme measures; or how extreme do
> you believe justifies what measures?


	Knock yourself out Sean.

--bill




More information about the NANOG mailing list